Zero trust is becoming a norm as organizations look to enhance the security posture of their workloads in cloud environments. A core principle of the zero trust approach is the ability to prove and verify identity for all - whether these entities are inside or outside...
You may have heard of sigstore and its container image verification tool, cosign. This blog post introduces a policy-driven workflow, Enterprise Contract, built on those technologies. Note: Red Hat’s Emerging Technologies blog includes posts that discuss...
Remote attestation answers the (slightly paraphrased) question: “It’s 3pm, do you know what the systems in your data center are doing?” Going with this premise, durable attestation answers a similar question about 3pm yesterday. In this article we describe the...
If you missed the Red Hat NEXT! event back in September, or if you just want to refresh your memory on some of the amazing content that was presented there, here's a complete listing of all of the talks. Follow the links to see the recordings on the Red Hat Community...
In a recent post we walked through using Tekton and Cosign to build, sign and verify container images within Kubernetes. Red Hat utilizes OpenShift, signing and scanning in its own build systems to deliver release artifacts. Red Hat’s secure software delivery is...
The release of Kubernetes 1.24 includes signed images, which highlights the importance of delivering secure images. Whether container images are being distributed to customers or run within your own datacenters, you must ensure that the assets within the software have...
In recent years, “edge devices” have evolved from simple IoT sensors to autonomous drones driven by powerful artificial intelligence (AI) software. Similarly, the processes to develop and deploy AI software to “the edge” have also seen a rapid evolution. Today, data...
Rekor, sigstore’s transparency log, recently reached an important milestone in its v0.6 release: it now supports log sharding. Log sharding means that the entries associated with a single Rekor server can now be distributed among multiple backend logs, which...
The Red Hat NEXT! conference is Red Hat’s annual event for deep dives on all things Emerging Technologies. Featuring a keynote from our CTO, Chris Wright, and breakout sessions on edge computing, cloud services, and security, this conference covers all of the most...
What does it mean for a system or component to be “trusted” in the world of computer systems? And why does it matter? In this post, we’ll provide an overview of what a Trusted Computing Base (TCB) is and provide a framework for how to evaluate a TCB’s security....
Modern software is layers upon layers upon layers. Most of us only really work in one or two of those layers but we rely on all of the others below us to keep working. Not only do we rely on their performance and functionality, we rely on them for security. If we're...
Open source software supply chains are exposed to multiple hacking risks, often with potentially disastrous outcomes considering the proliferation of open source in all sectors of industry. This is undeniable, the writing is on the wall, and so has been for a while....
It’s been a busy time since we announced Enarx and our vision for running workloads more securely to the world in August 2019. At the time, we had produced a proof of concept demo, creating and attesting a Trusted Execution Environment (TEE) instance using AMD’s...
If you run software on someone’s servers, you have a problem. You can’t be sure your data and code aren’t being observed, or worse, tampered with -- trust is your only assurance. But there is hope, in the form of Trusted Execution Environments (TEEs) and a new open...
When you run a workload as a VM, container or in a serverless environment, that workload is vulnerable to interference by any person or software with hypervisor, root or kernel access. Enarx, a new open source project, aims to make it simple to deploy...
As people move workloads to shared and public cloud environments, what methods are available to attest their environment has not been tampered with? Is there a good way to use a standardized cryptographic module to do remote attestation, trusted system boot, and so...
Everyone has an opinion on how Blockchain will change business and society. Quite a few startups are working on their Blockchain-based products or services, and some of them are even using initial coin offerings (ICOs) as a funding vehicle. However, it’s hard to find...
In this video from the Red Hat Summit 2018, Chief Security Architect Mike Bursell takes an enthusiastic look at three open source security technologies: DevSecOps, serverless computing, and Trusted Execution Environments....
The goal of the Keylime project is to connect the features of Trusted Platform Modules (TPMs) and cloud computing. Keylime is a scalable trusted cloud key management system, providing an end-to-end solution for both bootstrapping hardware-rooted cryptographic...
In this video from Red Hat Summit 2018, Red Hat Chief Technology Officer Chris Wright gives a view into the future direction of Red Hat technologies. [youtube=https://www.youtube.com/watch?v=N_LLAroJrJo&w=560&h=315] Chris begins with an overview of how Red...